superhedgy / AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
https://AttackSurfaceMapper.com
GNU General Public License v3.0

Fatal error in processing email DNS records in hosthunter.py #15

Closed warrenjmcdonald closed 4 years ago

warrenjmcdonald commented 5 years ago

I am getting this error which looks like a pattern in the email dns entries is unexpected. Given the chance of this happening, it seems like this should be caught and allowed to proceed.

launched with args: --stealth -v -t something.com -o /home/user/ASM-something -f CSV -sc

Traceback (most recent call last):
  File "ASM.py", line 890, in <module>
    main(keychain,sw1,output_path,c1)
  File "ASM.py", line 672, in main
    hosthunter.dnslookup(target_list[key]) # Passive
  File "/home/user/AttackSurfaceMapper/modules/hosthunter.py", line 96, in dnslookup
    if (word[4] == "TXT") and ("v=spf1" in word[5]):
IndexError: list index out of range

ojensen5115 commented 5 years ago

Interesting. This is processing the result of a query to https://api.hackertarget.com/dnslookup. See example: https://api.hackertarget.com/dnslookup/?q=google.com

Trying to reproduce your error, the only response I've been able to generate which would trigger this error is in the case when the API does not actually return any results, e.g.: https://api.hackertarget.com/dnslookup/?q=invalidinput

in which case the run of ASM wouldn't make much sense anyway.

ojensen5115 commented 5 years ago

Huh, actually this is odd. Looks like that API yields the invalid input error for https://api.hackertarget.com/dnslookup/?q=something.com . I would guess that this is a bug in hackertarget where they're incorrectly treating something.com as equivalent to example.com. Do you see this behavior with any other domains?

warrenjmcdonald commented 5 years ago

Thanks for looking at this. The case where this fails was where I pointed at a subdomain that has no MX or TXT records for mail handling. It works fine for the whole domain, as those records are present.

I am really just suggesting that since this scenario is not uncommon, it would be better to catch this condition and fail this inside hosthunter.py gracefully rather than exit out of the whole test with failure, requiring to start again with different target params.

ojensen5115 commented 5 years ago

Nice find! Yeah, that seems sensible to me too.

serval21 commented 4 years ago

Hi, I've got the same error with a domain, not a subdomain:

  File "/home/user/AttackSurfaceMapper/modules/hosthunter.py", line 96, in dnslookup
    if (word[4] == "TXT") and ("v=spf1" in word[5]):
IndexError: list index out of range

ConorDSherman commented 4 years ago

I am having the same error as @serval21 and I have tried this on multiple hosts now. The domains are legitimate and the results are in the expected format from the hackertarget.com service.

The SPF Record matches the results of the google.com query https://api.hackertarget.com/dnslookup/?q=google.com

ConorDSherman commented 4 years ago

@superhedgy I think this is solved by simply changing the position of the index in the for loop in the hosthunter.py script. It seems to work for me after I made this adjustment.

Original:

    if (word[4] == "TXT") and ("v=spf1" in word[5]):

Adjusted:

    if (word[0] == "TXT") and ("v=spf1" in word[1]):

superhedgy commented 4 years ago

True, they have changed their format. Thanks again Conor, I am pushing an update tonight.
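
An added example, not part of the thread and not the project's code: one way to pick SPF records out of a whitespace-separated DNS lookup response without relying on a fixed column index, so a changed response layout, a host with no TXT records, or an error message yields an empty result instead of an IndexError. The function name and all sample response lines are constructed for illustration and are not captured API output.

```python
def spf_records(response_text):
    """Return the SPF strings found on TXT lines of a DNS lookup response.

    The record type is located by searching the tokens of each line, not by
    position, so lines that are short, empty, or laid out differently are
    skipped instead of raising IndexError.
    """
    found = []
    for line in response_text.splitlines():
        words = line.split()
        # Normalise tokens only for locating the record type ("TXT", "TXT:", "txt").
        types = [w.rstrip(":").upper() for w in words]
        if "TXT" not in types:
            continue  # not a TXT line (or an error/blank line)
        idx = types.index("TXT")
        rest = " ".join(words[idx + 1:])
        pos = rest.find("v=spf1")
        if pos == -1:
            continue  # TXT record that is not SPF, or TXT with no value
        found.append(rest[pos:].strip('"'))
    return found


# Constructed sample responses (assumed layouts, not real API output).
TYPE_IN_MIDDLE = 'example.com. 300 IN TXT "v=spf1 include:_spf.example.com ~all"\n'
TYPE_FIRST = (
    'A : 192.0.2.10\n'
    'MX : 10 mail.example.com.\n'
    'TXT : "site-verification=abc123"\n'
    'TXT : "v=spf1 include:_spf.example.com ~all"\n'
)
NO_MAIL_RECORDS = 'A : 192.0.2.20\n'      # e.g. a subdomain with no MX/TXT
ERROR_BODY = 'error invalid input\n'       # constructed error text
TRUNCATED = 'TXT\n'                        # type present, value missing

if __name__ == "__main__":
    for name, body in [("middle", TYPE_IN_MIDDLE), ("first", TYPE_FIRST),
                       ("no mail", NO_MAIL_RECORDS), ("error", ERROR_BODY),
                       ("truncated", TRUNCATED), ("empty", "")]:
        print(name, spf_records(body))
```
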